DOCKET NO. 1090414-991100 

We claim: 

1 LA method of conducting a secure transaction with an on-line service while 

2 offline comprising the steps of issuing a transaction authorization token to a user from an 

3 application server for the on-line service while the user is online; preparing an off-line 

4 transaction object containing data to specify and request the transaction; sending a 

5 message to the on-line service, said message containing the transaction object and the 

6 authorization token; upon receipt of the message, the application server validating the 

7 token to authenticate the user and to authorize the transaction; and executing the 

8 transaction object if the transaction is authorized. 

1 2. The method of claim 1, wherein the token is issued to the user via an e- 

2 mail message sent from the application server. 

1 3 . The method of claim 1 , wherein the token is issued to the user via a 

2 download operation while the user is on-line. 

1 4. The method of claim 1 , wherein the user prepares the transaction object 

2 off-line. 



1 5. The method of claim 1, wherein the on-line service comprises the 

2 application server, and the user requests the token for the transaction from the application 

3 server. 



1 6. The method of claim 5, wherein the application server accesses a database. 
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7. The method of claim 1, wherein the token comprises a unique identifier 
that is generated by the on-line service when the token is issued. 



1 8 . The method of claim 1 , wherein the token is a one-way encryption of at 

2 least one of an identity of the user, a transaction type, and a data object for which the 

3 transaction is authorized. 



1 9, The method of claim 2, wherein the application server receives an 

2 incoming message including the token, checks the token for validity, and accepts or 

3 rejects the token. 

1 10. The method of claim 9, wherein the message delivering the token and off- 

2 line transaction from the user to the application server is an e-mail message delivered to 

3 the application server via an asynchronous e-mail delivery method. 

1 11. The method of claim 1 0 where the asynchronous delivery mechanism is 

2 database record synchronization. 

1 12. The method of claim 1 1 where the asynchronous e-mail delivery method 

2 comprises a synchronization of data between a portable computing device and an on-line 

3 service. 
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1 3 . The method of claim 1 , wherein the token includes data representing a 
time period during which the token is valid. 
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1 14. The method of claim 1, wherein the token includes data representing a 

2 valid access duration for the token. 

1 15. The method of claim 1 , wherein the token specifies an e-mail audit 

2 signature, and said token is valid only if the transaction is sent from an e-mail program 

3 via an e-mail delivery path that matches the e-mail audit signature. 

1 16. The method of Claim 1 5, wherein an e-mail address to which the message 

2 is sent varies according to an authorized data object and transaction type. 

1 17. The method of claim 1 , further comprising encrypting the transaction 

2 object. 

1 18. The method of claim 17, wherein said encrypting comprises issuing a 

2 temporary public key that is a one-way encryption function of an address to which the 

3 transaction is to be sent for encryption of the transaction object. 

1 19. The method of claim 1 , wherein the token is contained in a body or a 

2 header of an e-mail message. 

1 20. The method of claim 1 , wherein the token and the transaction object are 

2 attachments to an e-mail message. 
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1 21. The method of claim 1 1 , wherein the application server ensures that the 

2 token can only be used once, by authorizing a specific transaction by a specific user on 

3 specific data objects. 

1 22. The method of claim 1 , wherein the application server is a web-based 

2 application server. 

1 23 . The method of claim 1 , whereon said transaction is selected from the 

2 group consisting of a database modification, update, adding a file, and editing a file. 

1 24. The method of claim 23 further comprising checking out a file, editing the 

2 file off-line, and checking in the file as an e-mail attachment. 

1 25 . The method of claim 1 , further comprising authenticating the user with a 

2 password and a network identity while the user is accessing the on-line service. 

1 26. The method of claim 1 , wherein the user comprises a software agent that 

2 conducts the transaction on behalf of the user. 
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